Age | Commit message | Author |
|
don't reset to the installed sshd; connect before
reconfigure, too
|
|
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
|
|
use $SSH instead of installed ssh to allow override;
spotted by markus@
|
|
regress test for PubkeyAcceptedKeyTypes; ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
|
fatal if soft-PKCS11 library is missing (rather
than continue and fail with a more cryptic error)
|
|
let this test all supported key types; pointed out/ok
markus@
|
|
sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@
|
|
remove commented-out test code now that it has moved to a
proper unit test
|
|
whitespace
|
|
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
|
|
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
|
|
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
|
|
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on systems with native arc4random or /dev/urandom.
Considered highly experimental for now.
|
|
avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus
|
|
update sftp client and server to new buffer API. pretty
much just mechanical changes; with & ok markus
|
|
switch to sshbuf/sshkey; with & ok djm@
|
|
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on systems with native arc4random or /dev/urandom.
Considered highly experimental for now.
|
|
avoid a warning for the !OPENSSL case
|
|
switch auth-options to new sshbuf/sshkey; ok djm@
|
|
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
markus@
|
|
remove unneeded includes, sync my copyright across files
& whitespace; ok djm@
|
|
adapt mac.c to ssherr.h return codes (de-fatal) and
simplify dependencies ok djm@
|
|
sync changes from libopenssh; prepared by markus@ mostly
debug output tweaks, a couple of error return value changes and some other
minor stuff
|
|
Allows disabling support for SSH protocol 1.
|
|
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
|
missing error assignment on sshbuf_put_string()
|
|
apparently memcpy(x, NULL, 0) is undefined behaviour
according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
when length==0; ok markus@
|
|
free->sshkey_free; ok djm@
|
|
allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
|
|
adjust for sshkey_load_file() API change
|
|
fix ssh_config FingerprintHash evaluation order; from Petr
Lautrbach
|
|
reorder hostbased key attempts to better match the
default hostkey algorithms order in myproposal.h; ok markus@
|
|
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
|
|
workaround for the Meyer, et al, Bleichenbacher Side
Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
markus
|
|
KNF and add a little more debug()
|
|
add fingerprinthash to the options list;
|
|
tweak previous;
|
|
If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this with a fixed and valid rdclass.
Reported by Joshua Rogers
|
|
Includes fix for 1 byte output overflow for large key length
requests (not reachable in OpenSSH).
Pointed out by Joshua Rogers
|
|
patch from writeonce AT midipix.org via bz#2296
|
|
mention ssh -Q feature to list supported { MAC, cipher,
KEX, key } algorithms in more places and include the query string used to
list the relevant information; bz#2288
|